This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-11-17
Channels
- # announcements (7)
- # architecture (12)
- # babashka (5)
- # bangalore-clj (4)
- # beginners (70)
- # biff (23)
- # calva (21)
- # clojure (130)
- # clojure-bay-area (3)
- # clojure-berlin (1)
- # clojure-brasil (1)
- # clojure-europe (55)
- # clojure-finland (4)
- # clojure-greece (5)
- # clojure-nl (3)
- # clojure-norway (10)
- # clojurescript (52)
- # code-reviews (4)
- # community-development (1)
- # data-science (7)
- # datahike (6)
- # datomic (1)
- # events (1)
- # figwheel-main (7)
- # fulcro (23)
- # helix (2)
- # honeysql (32)
- # malli (18)
- # membrane (6)
- # nbb (22)
- # nyc (1)
- # off-topic (26)
- # pathom (2)
- # polylith (34)
- # quil (13)
- # releases (1)
- # remote-jobs (4)
- # scittle (1)
- # shadow-cljs (52)
- # sql (24)
- # tools-deps (17)
- # vim (11)
- # web-security (15)
- # xtdb (6)
Hi everyone i am curious about authentication and authorization approaches you've used recently in clojure land that left impression? I am looking for a way to elegantly solve this for demo app i am making. Thank you for your time.
At All Street - we use Auth0 for authenticating users and lookup user purchases in Stripe for authorisation. This is probably overkill for most usecases. Some of our internal tools use Basic Auth which can work fine for internal users and demos.
I guess it depends on your requirements. I’d externalize authentication to something like Okta, Auth0, Keycloak, etc. Authorization, Open Policy Agent. Although I might be biased 🙂
Authorisation could be as simple as fields in your user database or a config file or permissions - doesn't have to be an external managed service.
Yep, depends largely on whether it’s a distributed application on being built, or a monolith.
Problem with external managed auth service is price. Ours started as free and has risen to $400 per month - for effectively the same thing. For that amount it would have been better to go for internal auth from the start.
There are many open source providers for external authentication though.
Yup - we'll consider options at some point. When we started using it we weren't expecting it to shoot up as much.
There is a nice Clojure wrapper for Keycloak that you may wanna check out. https://nextjournal.com/schmudde/keycloak-environment
And there is Friend - older and Buddy - most used for new stuff https://github.com/coast-framework/coast/blob/master/docs/authentication.md
Author of https://github.com/jgrodziski/keycloak-clojure here feel free to ask anything! I find Keycloak efficient and battle-tested at runtime, authentication is very easy as it follows OAuth2/OIDC and it’s just some redirect mechanisms and token verification. Keycloak deals with all the authentication workflow very easily. The https://www.keycloak.org/docs/latest/authorization_services/index.html is exhaustive but imho worth the effort only for extensive needs. Role-based access control is easy to setup in Keycloak (as the source of truth of roles granted to identity) and for enforcement in application it depends of the lib you use but it’s easy to setup with Yada or with a ring-middleware (look at keycloak-clojure doc for details on that or msg me). For authorization the topic is wide but some newcomers in that field seems interesting : https://www.aserto.com , https://github.com/Permify/permify, https://www.openpolicyagent.org/ but don’t have first hand experience…
(I work on the OPA project 🙂)